Hackable, Messy Politics

It’s already widely understood that the electronic voting machines used by a growing number of US states are easy to hack. But just how easy may not be clear. Consider this from today’s Wall Street Journal:

LAS VEGAS—A touch-screen voting machine used in a 2014 election in Virginia was hacked in about 100 minutes by exploiting a Windows XP flaw that was more than a decade old as part of a demonstration on security vulnerabilities in election technology.

The hacker was Carsten Schürmann, an associate professor with IT University of Copenhagen. He was one of the computer hackers invited to the Defcon convention in Las Vegas to test the security and integrity of common pieces of voting technology, many of which were purchased more than a decade ago and are rapidly becoming obsolete.

Within hours of the doors opening Friday at the Voting Machine Hacking Village, hackers penetrated the WinVote 2000 voting machine and gained access to an electronic poll book, the kind used to check in voters at thousands of polling places across the country. Microsoft Corp. , which made the Windows XP operating system, declined to comment.

They also penetrated the hardware and firmware of a kind of touch-screen voting machine used in hundreds of jurisdictions across the country, and could attack a simulated county voter registration network, like the networks in 21 states that were compromised by attackers last year.

After the disputed 2000 presidential election, when a hand recount of Florida’s paper ballots produced weeks of uncertainty about the outcome and criticism of the standards used to count ballots, a new law awarded more than $3 billion to state and local governments to help them replace aging mechanical voting machines that were widespread at the time.

By and large, those governments bought touch-screen electronic voting machines that started to come into service in advance of the 2004 presidential election. But what was once state-of-the-art technology is now antiquated. Many voting systems run on technology that is rarely seen by modern consumers and which has not seen a security update in years.

The WinVote system hacked at Defcon was likely vulnerable to a wireless attack for years, Mr. Schürmann said. WinVote’s manufacturer, Advanced Voting Solutions Inc. is no longer in business.

To hack the WinVote machine, Mr. Schürmann used a pair of widely used hacking tools. First, he connected wirelessly with the machine, a rectangular keyboardless computer that is a little larger than a laptop. Then, taking advantage of a flaw in the voting machine’s Windows XP operating system, he gained administrative control of the system.

That allowed him unfettered access to the machine and the ability to manipulate vote results, he said. During the interview, he remotely shut down the voting machine, baffling other conference attendees who had not realized that he had seized control of the system.

There are two obvious solutions to the problem of hackable voting machines: Add a paper back-up system to make a physical audit possible, or accept that voting is something that can’t and shouldn’t be automated, and go back to the paper ballots that have kind-of-sort-of worked for the past couple of centuries.

But we won’t be doing that anytime soon. Governments tend to move slowly in the best of times when big systems are involved. And these are not the best of times. Budgets are tight everywhere thanks to insanely generous, criminally underfunded public sector pensions, so very few states and cities will have the cash to revamp their voting systems in the next election cycle.

The result? Several more cycles in which the losers suspect they’ve been robbed, the winners have trouble establishing legitimacy, and not much of consequence gets done. The level of trust in major institutions – which is already plunging after four decades of financial mismanagement – will have another reason to fall.

Eventually, this will impact the world’s fiat currencies. As concepts rather than tangible things, they depend on our trust in the people managing them. And as that trust evaporates, so will our willingness to hold and transact in dollars, euros and yen.

In this case, tech is a two-edged sword. The same capabilities that make elections easy to hack also make cryptocurrencies and digital gold viable competitors for fiat currencies. And government paralysis risks letting both trends continue past the point of no return.